[Owasp-ireland] Instagram iOS session hijack

Fabio Cerullo fcerullo at owasp.org
Tue Jul 29 17:56:14 UTC 2014

And here we go again... Instagram makes API calls to non-HTTPS endpoints
with session cookies in the request headers allowing full session hijack by
a malicious actor. Full details below:


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-ireland/attachments/20140729/015445c2/attachment.html>

More information about the Owasp-ireland mailing list